TWIC Readers What to Expect

Transcription

1 TWIC Readers What to Expect Walter Hamilton Chairman International Biometric Industry Association

2 Walter Hamilton International Biometric Industry Association 1155 F Street, NW Washington, DC (727) whamilton@idtp.com

3 TWIC Biometric Readers Purpose is to read TWIC card and perform automated validation of card and biometric verification of card holder identity Operators of maritime facilities and vessels are responsible for reader acquisition Readers should comply with TWIC reader specification and undergo TSA lab testing before being deployed Policies for reader use will be set through rule making led by USCG SAFE Port Act requires field pilot test before issuance of final reader rule

4 Benefits of Reader Use Automates card validation and verification process Replaces visual verification with technology Improves accuracy of verification process Can directly interface with physical access control system (PACS) that determines access privileges and controls gate operation Can generate audit log of transactions Protects against TWIC card forgeries Prevents unauthorized loaning of TWIC card to others

5 Key Maritime Requirements Outdoor readers must operate in all weather conditions Temperature Humidity Sunlight Dirt Rain Snow Salt spray

6 Key Maritime Requirements (cont.) Must allow contactless (RF) transfer of the biometric data from the TWIC card to the reader Variation from FIPS 201 standard used for Federal ID card Transactions should take no more than 3 seconds Fingerprint technology should be at least 99% accurate No requirement for entry of PIN No requirement for maritime owner/operator to manage shared secret encryption keys

7 Types of TWIC Readers Three main categories Indoor fixed mount Outdoor fixed mount Portable Two sub-categories Matches to reference (fingerprint) biometric stored on TWIC card Matches to operational (alternative) biometric stored on reader or PACS system Requires local biometric enrollment Could be any type of biometric technology Sagem Morpho Fixed Outdoor Reader Datastrip portable Reader

8 TWIC Reader Specification Status NMSAC Submitted recommended spec. Feb TSA published the TWIC reader working specification on September 11, 2007 (version 1.0) TSA updated specification on March 28, 2008 (v 1.1) TSA updated specification on May 30, 2008 (v 1.1.1) Can be downloaded at Also provides access to two reader technical bulletins Will likely undergo minor revisions as a result of lessons learned during field pilot test

9 Reader Spec Highlights Interoperable with Federal standard FIPS 201 Additional TWIC application on card supports specific maritime requirements No PIN entry required to read biometric data on card Contactless (RF) read of encrypted biometric data is allowed Biometric data is encrypted on card No requirement for maritime operator to manage secret keys TWIC Privacy Key used to decrypt biometric data Key is unique to each card (diversified key scheme) Accessible only from magnetic stripe or contact interface Can also be stored in local access control system server to eliminate need for magnetic swipe or contact read Similar to concept used in all electronic passports

10 Flexible Range of Implementation Approaches 2009 AAPA Port Operations, Safety & Info Tech Seminar Contact read of card Requires insertion of card into reader slot Contactless read of card Uses close proximity RF technology Contactless read + magnetic stripe read To obtain TWIC Privacy Key for decrypting fingerprint Standalone or networked operation

11 Functions Performed by Readers Card validation check Expiration date Entry on TSA hot list Valid digital signature Valid card issuer Card holder identity verification check Match to reference fingerprint stored on card, or Alternative biometric stored on server or reader TWIC Privacy key (TPK) can also be stored on server or reader Automate the process of card holder registration into local physical access control system (PACS) Collect transaction information for audit history reporting Read and display card holder name Read and display card holder facial photo Requires PIN entry through PIV application

12 TWIC Readers are Available Now Manufacturers have already adapted existing commercial off-the-shelf reader products to meet TWIC specification requirements Many readers were already tested and qualified under the Federal Personal Identity Verification (PIV) program PIV is a smart card credential program for all Federal employees and contractors PIV reader testing has been managed by the General Services Administration (GSA) Adaptation of PIV readers to TWIC is primarily a firmware change

13 Examples of TWIC Readers 2009 AAPA Port Operations, Safety & Info Tech Seminar

14 TSA Reader Testing Status Initial Capability Evaluation (ICE) Limited functional test to assist pilot participants in reader selection 6 fixed and 9 portable reference-type biometric readers tested 2 fixed operational-type biometric readers tested NOT a measure of strict performance/durability/capabilities List of readers that successfully passed ICE test can be found at

15 TSA Reader Testing Status (cont.) Functional System Conformance Test (F-SCT) Extensive lab test of functional conformance with spec Testing started in April at contractor laboratory in Maryland 4 readers tested so far all 15 ICE listed reference type biometric readers will be tested Environmental System Conformance Test (E-SCT) Controlled chamber testing to measure suitability for outdoor use A few readers have been chosen Testing will take place at Navy laboratory in Maryland

16 ICE-Tested TWIC Readers Manufacturer Fixed Indoor Fixed Outdoor Portable Corestreet 3 Cross Match 1 Datastrip 1 Identica* 1 Innometriks 1 Mobilisa 1 Motorola 1 Sagem Morpho Top Tech* 1 TransCore 1 Veridt 1 1 * Readers use operational (alternative) biometric technology

17 TWIC Reader Use Case Scenarios (Two Examples) 2009 AAPA Port Operations, Safety & Info Tech Seminar

18 Contactless Read of Fingerprint with TWIC Privacy Key (TPK) Stored on System Card # 1234 TPK Encrypted Template Template

19 Contactless Read of Fingerprint with Magnetic Swipe for TWIC Privacy Key 2009 AAPA Port Operations, Safety & Info Tech Seminar Encrypted Template TPK Template

20 Questions 2009 AAPA Port Operations, Safety & Info Tech Seminar